Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2018-09-26 18:09:01 |
VPNFilter\'s Arsenal Expands With Newly Discovered Modules (lien direct) |
Seven new modules discovered in VPNFilter further fill in the blanks about how the malware operates and reveals a wider breath of capabilities. |
Malware
|
VPNFilter
|
|
|
2018-09-26 14:48:04 |
Google Vows Privacy Changes in Chrome Browser After User Backlash (lien direct) |
The tech giant promised that it will be more transparent about users' data in Chrome 70 after coming under fire for its privacy policies earlier this week. |
|
|
|
|
2018-09-25 19:55:05 |
Once Popular Online Ad Format Opens Top Tier Sites to XSS Attacks (lien direct) |
Online ad industry moves away from once prolific ads that are now deemed insecure because of DOM-based XSS vulnerabilities. |
|
|
|
|
2018-09-25 19:33:02 |
Malware on SHEIN Servers Compromises Data of 6.4M Customers (lien direct) |
A data breach targeting women's apparel giant SHEIN occurred between June and August 2018. |
Data Breach
Malware
|
|
|
|
2018-09-25 14:51:02 |
Mac Mojave Zero-Day Allows Malicious Apps to Access Sensitive Info (lien direct) |
Malicious apps can trivially thwart Mojave 10.14's new privacy protections. |
|
|
|
|
2018-09-24 20:30:03 |
Cybercriminals Target Kodi Media Player for Malware Distribution (lien direct) |
A recent cryptomining campaign shows criminal ingenuity. |
Malware
|
|
|
|
2018-09-24 17:13:04 |
Adwind RAT Scurries By AV Software With New DDE Variant (lien direct) |
The spam campaign mostly targets victims in Turkey and Germany. |
Spam
|
|
|
|
2018-09-24 16:33:04 |
Google\'s Forced Sign-in to Chrome Raises Privacy Red Flags (lien direct) |
Chrome users are now automatically signed into the browser if they're signed into any other Google service, such as Gmail. |
|
|
|
|
2018-09-24 15:22:01 |
Assessing the Human Element in Cyber Risk Analysis (lien direct) |
The human factor doesn't have to be an intangible when assessing cyber risks within a company. |
|
|
|
|
2018-09-24 13:59:01 |
Tricky DoS Attack Crashes Mozilla Firefox (lien direct) |
There are currently no mitigations for the Firefox attack, a researcher told Threatpost. |
|
|
|
|
2018-09-23 22:04:02 |
Podcast: Two Billion IoT Devices Still Vulnerable to BlueBorne Bug (lien direct) |
Up to two billion devices are still vulnerable to the BlueBorne IoT attack - and may not ever get a patch. |
|
|
|
|
2018-09-21 22:01:02 |
Critical Vulnerability Found in Cisco Video Surveillance Manager (lien direct) |
Cisco has patched vulnerability in its video surveillance manager software that could give an unauthenticated, remote attacker the ability to execute arbitrary commands on targeted systems. |
Vulnerability
|
|
|
|
2018-09-21 20:21:01 |
Twitter Flaw Exposed Direct Messages To External Developers (lien direct) |
The company said it has issued a patch for the issue, which has been ongoing since May 2017. |
|
|
|
|
2018-09-21 19:45:02 |
Delphi Packer Looks for Human Behavior Before Deploying Payload (lien direct) |
Many different threat actors are using this crypting service/tool for their operations, possibly buying it from the developer itself. |
Threat
|
|
|
|
2018-09-21 15:09:02 |
Unpatched Microsoft Zero-Day in JET Allows Remote Code-Execution (lien direct) |
Microsoft said that it's working on a fix for a zero-day flaw in its JET Database Engine. |
|
|
|
|
2018-09-20 21:07:05 |
Lucy Gang Debuts with Unusual Android MaaS Package (lien direct) |
The threat actor's Android-focused cyber-arms package, dubbed Black Rose Lucy, is limited in reach for now, but clearly has global ambitions. |
Threat
|
|
|
|
2018-09-20 16:10:04 |
Cisco Issues New Warning for 6-Month-Old Critical Bug in IOS XE (lien direct) |
Vulnerability allowed an unauthenticated remote attacker to log in to a device at the time the system initially boots up. |
Vulnerability
|
|
|
|
2018-09-20 14:23:01 |
Magecart Strikes Again, Siphoning Payment Info from Newegg (lien direct) |
The incident, hard on the heels of the British Airways breach, shows that Magecart is quickly evolving and shows no signs of slowing down. |
|
|
|
|
2018-09-20 13:02:03 |
Thousands of Breached Websites Turn Up MagBo Black Market (lien direct) |
The research team said it has shared its findings with law enforcement and victims are being notified. |
|
|
|
|
2018-09-19 17:11:04 |
Mirai Masterminds Helping FBI Snuff Out Cybercrime (lien direct) |
The three hackers behind the infamous Mirai botnet have been helping law enforcement take down cybercriminals across the globe. |
|
|
|
|
2018-09-19 16:54:02 |
Critical Out-of-Band Patch Issued for Adobe Acrobat Reader (lien direct) |
Overall seven flaws were patched - including one critical vulnerability that could lead to arbitrary code execution. |
Vulnerability
Guideline
|
|
|
|
2018-09-19 13:51:02 |
A Hybrid Solution to Taming SOC Alert Overload (lien direct) |
Technology can free analysts from the burden of manual and tedious tasks so they can operate at the highest level of their abilities. |
|
|
|
|
2018-09-19 13:30:05 |
XBash Malware Packs Double Punch: Destroys Data and Mines for Crypto Coins (lien direct) |
A newly discovered malware has different capabilities for Windows and Linux systems, including ransomware and cryptomining. |
Ransomware
Malware
|
|
|
|
2018-09-18 19:40:01 |
ThreatList: Malware Samples Targeting IoT More Than Double in 2018 (lien direct) |
A honeypot set up to sniff out data on infected IoT devices found a broad array of compromised devices – from Mikrotik routers to dishwashers. |
Malware
|
|
|
|
2018-09-18 17:11:02 |
State Government Online Payment Service Exposes 14M Customers (lien direct) |
Outdated security practices made it simple to access other people's receipts for everything from traffic tickets to paying bail. |
|
|
|
|
2018-09-18 14:40:05 |
Dangerous Pegasus Spyware Has Spread to 45 Countries (lien direct) |
The malicious spyware has also been found in use in countries known for targeting human rights. |
|
|
|
|
2018-09-18 13:52:04 |
Insiders Continue to be Data Theft\'s Best Friend (lien direct) |
The enemy within the enterprise is often employees who are either malicious or unwittingly allowing attackers inside a protected network. |
|
|
|
|
2018-09-17 21:13:04 |
Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras (lien direct) |
Firmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug. |
|
|
|
|
2018-09-17 17:43:03 |
Facebook Now Offers Bounties For Access Token Exposure (lien direct) |
The newly expanded Facebook bug bounty program sniffs out access token exposure flaws. |
|
|
|
|
2018-09-17 17:19:02 |
Old WordPress Plugin Being Exploited in RCE Attacks (lien direct) |
Old instances of the popular WordPress Duplicator Plugin are leaving sites open to remote code execution attacks. |
|
|
|
|
2018-09-17 15:20:03 |
CSS-Based Attack Causes iOS, macOS Devices to Crash (lien direct) |
The attack stems from a glitch in WebKit, an HTML layout browser engine in Apple's Safari browser. |
|
|
|
|
2018-09-14 21:45:04 |
Researchers Heat Up Cold-Boot Attack That Works on All Laptops (lien direct) |
The attack bypasses BIOS mitigations for cold-boot compromise on models from Apple, Dell, Lenovo and all others made in the last 10 years. |
|
|
|
|
2018-09-14 20:32:04 |
E.U.: Tech Giants Face Big Fines, 1 Hour Limit to Remove Extremist Content (lien direct) |
The rules would apply to all hosting service providers offering services in the E.U., regardless of size, even if they're not based there. |
|
|
|
|
2018-09-14 16:09:05 |
Five Weakest Links in Cybersecurity That Target the Supply Chain (lien direct) |
Third-party breaches have become an epidemic as cybercriminals target the weakest link. Organizations such as BestBuy, Sears, Delta and even NYU Medical Center are just a few that have felt the impact of cyberattacks through third-party vendors. The fallout from these breaches can be costly, as the average enterprise pays $1.23 million per incident, up […] |
|
|
|
|
2018-09-14 13:26:02 |
Magecart Threat Group Racks Up More Hack Victims (lien direct) |
The threat group has racked up a list of victims including Feedify, Groopdealz and British Airways. |
Hack
Threat
|
|
|
|
2018-09-13 21:19:00 |
OilRig APT Continues Its Ongoing Malware Evolution (lien direct) |
The Iran-linked APT appears to be in a state of continuous tool development, analogous to the DevOps efforts seen in the legitimate software world. |
Malware
Tool
|
APT 34
|
|
|
2018-09-13 19:26:04 |
ThreatList: Microsoft Macros Remain Top Vector for Malware Delivery (lien direct) |
The second-most popular delivery method is CVE-2017-11882, a patched Microsoft vulnerability that allows the attacker to perform arbitrary code-execution. |
Malware
Vulnerability
|
|
|
|
2018-09-13 13:14:01 |
Experts Bemoan Shortcomings with IoT Security Bill (lien direct) |
The infosec community say California's IoT security bill is "nice," but doesn't hit on the important issues. |
|
|
|
|
2018-09-12 20:07:03 |
PowerShell Obfuscation Ups the Ante on Antivirus (lien direct) |
The development fits a trend that sees threat actors turning to well-known, commodity malware, overcoming its easy detection with ever-better obfuscation methods. |
Threat
|
|
|
|
2018-09-12 16:17:04 |
Apple Yet to Patch Safari Browser Address Bar Spoofing Flaw (lien direct) |
A flaw in Safari - that allows an attacker to spoof websites and trick victims into handing over their credentials - has yet to be patched. |
|
|
|
|
2018-09-12 16:12:05 |
Osiris Banking Trojan Displays Modern Malware Innovation (lien direct) |
Osiris' fundamental makeup positions it in the fore of malware trends, despite being based on old source code that's been knocking around for years. |
Malware
|
|
|
|
2018-09-11 22:17:02 |
Threatlist: Email Attacks Surge, Targeting Execs (lien direct) |
Overall, the number of email fraud attacks per targeted company rose 25 percent from the previous quarter (to 35 on average) and 85 percent from the year-ago quarter. |
|
|
|
|
2018-09-11 21:04:01 |
(Déjà vu) Microsoft Patches Three Actively Exploited Bugs as Part of Patch Tuesday (lien direct) |
Microsoft's September Patch Tuesday release tackles three vulnerabilities actively being exploited in the wild. |
|
|
|
|
2018-09-11 19:56:03 |
Bad Actors Sizing Up Systems Via Lightweight Recon Malware (lien direct) |
These stealthy downloaders initially infect systems and then only install additional malware on systems of interest. |
Malware
|
|
|
|
2018-09-11 19:55:01 |
Millions of Records Exposed in Veeam Misconfigured Server (lien direct) |
Exposed data included names, emails addresses and IP addresses. |
|
|
|
|
2018-09-11 14:52:03 |
Adobe Patches Six Critical Flaws in ColdFusion (lien direct) |
Adobe issued fixes for versions of its ColdFusion web development platform - including six critical flaws. |
|
|
|
|
2018-09-11 12:54:04 |
Magecart Group Pinned in Recent British Airways Breach (lien direct) |
The Magecart Group has been blamed for the British Airways breach that compromised 380k payment cards. |
|
|
|
|
2018-09-10 19:39:03 |
ProtonVPN, NordVPN Flaws Open Door to Privilege Escalation (lien direct) |
The flaws disclosed this month are related to a critical bug previously discovered by VerSprite in April 2018. |
|
|
|
|
2018-09-10 17:00:00 |
Tor Brings Onion Browser to Android Devices (lien direct) |
In parts of the developing world, dissidents and journalists face hostile governments and other threats -- and mobile is their only access to the internet. |
|
|
|
|
2018-09-10 16:47:00 |
Apple Finally Boots Sneaky Adware Doctor App from Mac App Store (lien direct) |
Hours after researchers publicly disclosed an app that was caught stealing and uploading browser history data, Apple removed it from the Mac App Store. |
|
|
|